Abstract
This paper presents computationally “lightweight” schemes for performing biometric authentication that carry out the comparison stage without revealing any information that can later be used to impersonate the user (or reveal personal biometric information). Unlike some previous computationally expensive schemes — which make use of slower cryptographic primitives — this paper presents methods that are particularly suited to financial institutions that authenticate users with biometric smartcards, sensors, and other computationally limited devices. In our schemes, the client and server need only perform cryptographic hash computations on the feature vectors, and do not perform any expensive digital signatures or public-key encryption operations. In fact, the schemes we present have properties that make them appealing even in a framework of powerful devices capable of public-key signatures and encryptions. Our schemes make it computationally infeasible for an attacker to impersonate a user even if the attacker completely compromises the information stored at the server, including all the server’s secret keys. Likewise, our schemes make it computationally infeasible for an attacker to impersonate a user even if the attacker completely compromises the information stored at the client device (but not the biometric itself, which is assumed to remain attached to the user and is not stored on the client device in any form).
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Atallah, M.J., Frikken, K.B., Goodrich, M.T., Tamassia, R. (2005). Secure Biometric Authentication for Weak Computational Devices. In: Patrick, A.S., Yung, M. (eds) Financial Cryptography and Data Security. FC 2005. Lecture Notes in Computer Science, vol 3570. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11507840_32
DOI: https://doi.org/10.1007/11507840_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26656-3
Online ISBN: 978-3-540-31680-0
eBook Packages: Computer Science (R0)